The invention relates to data transfer through computer networks and, in particular, to a mechanism by which a specific intended recipient of a delivered document can be authenticated without prior participation by the intended recipient.
The Internet has grown tremendously in recent years, both in terms of number of users and the amount of data transferred through the Internet. Originally, the Internet was a data transfer medium for academia and then engineers and private users grew in use and familiarity with the Internet. Increasingly, the Internet is becoming an acceptable communication medium for business. However, business users demand more confidentiality and traceability of communication.
Business users often communicate sensitive, confidential, and proprietary information and, accordingly, expect such communication to be secure from unauthorized eavesdropping. In addition, business users expect to be able to store records tracing correspondence. Accordingly, for the Internet to provide a medium for business communication, Internet-based communication must be made secure and traceable.
The primary medium for person-to-person communication through the Internet is e-mail, using the simple mail transfer protocol (SMTP) and the post office protocol (POP). Internet email is text-based. Only textual data in ASCII format is transferrable according to SMTP. Binary, non-textual files can be transferred through SMTP, but only after encoding the binary files in a textual format. Such can be done, for example, using uuencode, BinHex, or Base 64 encoding. However, it is the responsibility of the receiving user to decode the textual format to reconstruct the binary file. Most currently available e-mail readers provide the ability to encode and decode binary files according to the more popular encoding protocols; however, such introduces the possibility that encoding and decoding can introduce errors in the attached binary files. In particular, some e-mail routers can determine that some characters are non-essential, such as trailing spaces, and alter the textual data as the e-mail message passes through. Such can introduce errors in a binary file encoded in a textual format where such characters are, in fact, essential.
Furthermore, e-mail messages are not easily traceable. A sender of an e-mail message can request a return receipt indicating that the recipient received the message, but the recipient can cause her e-mail reader to refuse to send such a return receipt. In addition, a particular e-mail reader may not support return receipts.
Most importantly, e-mail through the Internet is not secure. Information transferred through the Internet can be snooped, i.e., the information can be read as the information is passed from router to router through the Internet. Encrypting information transferred through the Internet makes snooping of the information significantly more difficult. Unfortunately, such encrypting also makes sending information through the Internet significantly more difficult. For example, the sender and recipient must agree as to which of the multitude of encryption types to use. The sender must encrypt a binary file before sending the encrypted binary file through e-mail as an encoded binary attachment in textual form. The recipient must decode the attached binary file and decrypt the decoded binary file to recover the original binary file.
While e-mail readers are increasingly supporting encryption and decryption of attached binary files, such support is neither uniform nor standardized. In general, users must separately acquire, install, and use whatever encryption software is required. Most new users of the Internet are novice computer users and such selection, acquisition, installation, and use of encryption software is a daunting task. When the objective is a simple message to a colleague, encryption and security are all-too-often simply bypassed.
Accordingly, Internet e-mail is an unsatisfactory solution for business communication. Web-based communication is similarly unsatisfactory.
The World Wide Web (WWW or xe2x80x9cthe Webxe2x80x9d) is a portion of the Internet in which information is cataloged and cross-referenced by including links within documents to reference other documents. Information transfer through the Web is according to the HyperText Markup Language (HTML). An emerging markup language is the Extensible Markup Language (XML). Both are types of Standard Generalized Markup Languages (SGMLs).
Information transfers through the Web can be secure and can be in a native, binary data format. Secure information transfer uses the known Secure Sockets Layer (SSL). While e-mail. transfers information according to a xe2x80x9cpushxe2x80x9d paradigm in which the information transfer is driven by the sender, information transfer through the Web is recipient-driven according to a xe2x80x9cpullxe2x80x9d paradigm. Therefore, a message directed from one user to another is not readily implemented through the Web.
Web-based e-mail has grown recently in popularity. One of the major advantages of web-based e-mail is that web-based e-mail is retrievable anywhere one has access to a web browser. However, sending information using web-based e-mail has a few disadvantages. First, web-based e-mail still uses regular e-mail servers and routers to transfer e-mail, so the messages still travel through unsecured channels and must go through encoding/decoding. Second, web-based e-mail is recipient selected; specifically, the recipient must have established a web-based e-mail account. The sender cannot specify that a message be sent through web-based e-mail unless the recipient has already established a web-based e-mail account.
In accordance with the present invention, secure web-based messaging according to a xe2x80x9cpushxe2x80x9d paradigm is augmented by specific, intended recipient authentication. In particular, a document can be sent to a specified, intended recipient through the Web using e-mail recipient notification, and the recipient is authenticated prior to delivering the document to the recipient. Such authentication prevents a cracker from snooping a delivery notification e-mail message and retrieving the document prior to retrieval by the true intended recipient. In addition, such authentication of the recipient is driven by the sender such that prior participation by the recipient in the messaging system according to the present invention is required.
The sender specifies secret information which is believed to be known to the intended recipient and to few others, if any. The recipient must supply this information to download the delivered document. Since the intended recipient may not be expecting the document delivery and may not know the nature of the requisite information, the sender can also supply a prompt by which the recipient can surmise the requisite secret information.
The recipient supplies information by which a user account is created for the recipient prior to downloading the delivered document. Such information is forwarded to an information server for verification. For example, if the recipient is required to enter her full name and a credit card number, the information server xe2x80x94a credit card authorization server in this examplexe2x80x94can verify that the supplied credit card number is in fact associated with the supplied full name.
Once the account is created, two e-mail mechanisms can be usedxe2x80x94both together or either in isolationxe2x80x94to add further assurances with respect to the recipient""s identity. A verification e-mail message can be sent following creation of the user account for the recipient. The verification e-mail message contains a URL by which the recipient can download the delivered document. To gain unauthorized access to the delivered document, a cracker must snoop two separate e-mail messages which is significantly more difficult than snooping a single e-mail message. In addition, a confirmation e-mail message can be sent to the recipient notifying the recipient of the creation of a user account in the recipient""s name. The confirmation e-mail message also includes instructions regarding the reporting of potentially unauthorized creation of the user account. Maintain an improperly created user account by a cracker, the cracker must not only snoop multiple e-mail messages but also block the confirmation e-mail message. Blocking e-mail messages is much more difficult than snooping e-mail messages.
These mechanisms, individually or in combination, provide significantly increased assurance that the recipient of a delivered document is in fact the party intended by the sender.